292 matches found
Circle with Disney Apid Strstr Authentication Bypass Vulnerability(CVE-2017-2914)
Summary An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs...
CVE-2015-7546
CVE-2015-7546 affects OpenStack Keystone and related keystonemiddleware: the identity service fails to invalidate authorization tokens when using PKI or PKIZ providers, enabling remote authenticated users to bypass access controls by manipulating bytes in a revoked token. Affected versions includ...
FruityWifi v2.2 - Wireless Network Auditing Tool
FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it. Initialy the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian based system...
EMC RSA Authentication Agent Access Control Bypass Vulnerability - Windows
RSA Authentication Agent is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2012-2720
The Token Authentication tokenauth module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges...
Authentication flaw
The Token Authentication tokenauth module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges...
CVE-2012-2720
The CVE-2012-2720 entry applies to the Drupal Token Authentication module (tokenauth) in 6.x-1.x prior to 6.x-1.7. The underlying issue is that sessions are not properly reverted, which could allow remote attackers to perform requests with extra privileges. Affected component: Tokenauth 6.x-1.x (...
CVE-2012-2720
The Token Authentication tokenauth module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges...
SA-CONTRIB-2012-091 - Token Authentication - Access bypass
The Token Authentication module provides a token for use in the URL to authenticate users to a site. Under certain uncommon situations, the module may not revert a user's session properly. Depending on how tokenauth is used, this could result in subsequent requests being performed as a user with...
Netease Weibo CSRF two use-vulnerability warning-the black bar safety net
Does not perform token authentication vulnerable to CSRF attacks Detailed description: A malicious attacker may construct a malicious form, and the defrauded victims of the click, when the victim clicks on the link, on behalf of the victim to produce a microblogging information, this method can...
[Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Clear text password exposure in Datakey's tokens and smartcards Classification: =============== Level: LOW-med-high-crit ID: HEXVIEW200408031 Overview: ========= Datakey http://www.datakey.com delivers smartcard and token-based authentication and...
DUO-PSA-2020-003: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2020-003 Publication Date: 2020-06-30 Revision Date: 2020-06-30 Status: Confirmed, Fixed Document Revision: 2 Overview Duo has identified and fixed an issue in the Duo Connect client that allows end-users to choose insecure configurations. If...